JP7073343B2 - Security vulnerability and intrusion detection and repair in obfuscated website content - Google Patents
- Publication number
- JP7073343B2
- Authority
- JP
- Japan
- Prior art keywords
- website
- file
- content
- security
- script code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Information Transfer Between Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Stored Programmes (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201662332720P | 2016-05-06 | 2016-05-06 | |
US62/332,720 | 2016-05-06 | | |
US201662422311P | 2016-11-15 | 2016-11-15 | |
US62/422,311 | 2016-11-15 | | |
PCT/US2017/031348 WO2017193027A1 (fr) | 2016-05-06 | 2017-05-05 | Detection and repair of infiltration and security weakness in obfuscated website content |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2019517088A (ja) | 2019-06-20 |
JP7073343B2 (ja) | 2022-05-23 |
Family
ID=60203647
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2019510573A Active JP7073343B2 (ja) | Security vulnerability and intrusion detection and repair in obfuscated website content | 2016-05-06 | 2017-05-05 |
Country Status (7)
Country | Link |
---|---|
US (2) | US10547628B2 (fr) |
EP (2) | EP4270875A3 (fr) |
JP (1) | JP7073343B2 (fr) |
AU (2) | AU2017260360B2 (fr) |
CA (1) | CA3023254A1 (fr) |
ES (1) | ES2965917T3 (fr) |
WO (1) | WO2017193027A1 (fr) |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110029516A1 (en) * | 2009-07-30 | 2011-02-03 | Microsoft Corporation | Web-Used Pattern Insight Platform |
CN107645478B (zh) * | 2016-07-22 | 2020-12-22 | 阿里巴巴集团控股有限公司 | Network attack defense system, method and device |
US10454952B2 (en) | 2016-12-23 | 2019-10-22 | Microsoft Technology Licensing, Llc | Threat protection in documents |
US10986100B1 (en) * | 2018-03-13 | 2021-04-20 | Ca, Inc. | Systems and methods for protecting website visitors |
CN108768931A (zh) * | 2018-04-09 | 2018-11-06 | 卓望数码技术(深圳)有限公司 | Multimedia file tampering detection system and method |
US11151246B2 (en) * | 2019-01-08 | 2021-10-19 | EMC IP Holding Company LLC | Risk score generation with dynamic aggregation of indicators of compromise across multiple categories |
CN109787997B (zh) * | 2019-02-26 | 2021-06-11 | 上海易点时空网络有限公司 | PHP-based TCP service method and server |
US10523706B1 (en) | 2019-03-07 | 2019-12-31 | Lookout, Inc. | Phishing protection using cloning detection |
JP7218630B2 (ja) * | 2019-03-15 | 2023-02-07 | 日本電気株式会社 | Information processing device, information processing method, information processing program, and information processing system |
US11368477B2 (en) | 2019-05-13 | 2022-06-21 | Securitymetrics, Inc. | Webpage integrity monitoring |
CN110209971B (zh) * | 2019-05-15 | 2023-07-28 | 朱容宇 | Method and system for website reorganization and restoration |
US11907367B2 (en) | 2019-11-22 | 2024-02-20 | Microsoft Technology Licensing, Llc | Dormant account identifier |
CN111159703B (zh) * | 2019-12-31 | 2022-12-06 | 奇安信科技集团股份有限公司 | Virtual machine data leakage detection method and device |
US20230123342A1 (en) * | 2020-03-16 | 2023-04-20 | Nippon Telegraph And Telephone Corporation | Vulnerability determination device, vulnerability determination method, and vulnerability determination program |
US11843622B1 (en) * | 2020-10-16 | 2023-12-12 | Splunk Inc. | Providing machine learning models for classifying domain names for malware detection |
CN112165498B (zh) * | 2020-11-12 | 2022-10-25 | 北京华云安信息技术有限公司 | Intelligent decision-making method and device for penetration testing |
US20220292417A1 (en) * | 2021-03-10 | 2022-09-15 | Microsoft Technology Licensing, Llc | Using weighted peer groups to selectively trigger a security alert |
US20230208870A1 (en) * | 2021-12-28 | 2023-06-29 | SecureX.AI, Inc. | Systems and methods for predictive analysis of potential attack patterns based on contextual security information |
CN115941280B (zh) * | 2022-11-10 | 2024-01-26 | 北京源堡科技有限公司 | Penetration method, device, equipment and medium based on web fingerprint information |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004318820A (ja) | 2004-01-13 | 2004-11-11 | Ssd Japan:Kk | Database repair system |
JP2011227884A (ja) | 2010-03-31 | 2011-11-10 | Broadband Security Inc | File upload blocking system and file upload blocking method |
JP2013541774A (ja) | 2010-10-22 | 2013-11-14 | 北京神州緑盟信息安全科技股▲フン▼有限公司 | Website scanning device and website scanning method |
JP2015503789A (ja) | 2011-12-30 | 2015-02-02 | International Business Machines Corporation | Computer-implemented method, computer program product, and system for targeted security testing |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110238855A1 (en) * | 2000-09-25 | 2011-09-29 | Yevgeny Korsunsky | Processing data flows with a data flow processor |
US8448241B1 (en) * | 2006-02-16 | 2013-05-21 | Oracle America, Inc. | Browser extension for checking website susceptibility to cross site scripting |
US8650648B2 (en) * | 2008-03-26 | 2014-02-11 | Sophos Limited | Method and system for detecting restricted content associated with retrieved content |
US8583464B2 (en) * | 2008-04-04 | 2013-11-12 | Bank Of America Corporation | Systems and methods for optimizing market selection for entity operations location |
US8346923B2 (en) * | 2008-11-12 | 2013-01-01 | Sophos Plc | Methods for identifying an application and controlling its network utilization |
US9246932B2 (en) | 2010-07-19 | 2016-01-26 | Sitelock, Llc | Selective website vulnerability and infection testing |
US8695096B1 (en) * | 2011-05-24 | 2014-04-08 | Palo Alto Networks, Inc. | Automatic signature generation for malicious PDF files |
US9811664B1 (en) * | 2011-08-15 | 2017-11-07 | Trend Micro Incorporated | Methods and systems for detecting unwanted web contents |
CN102624931B (zh) * | 2012-04-21 | 2015-02-25 | 华为技术有限公司 | Web客户端与服务器交互的方法、装置及系统 |
US9536081B2 (en) * | 2012-06-12 | 2017-01-03 | Intermec Ip Corp. | System and process for managing network communications |
US9614862B2 (en) * | 2013-07-24 | 2017-04-04 | Nice Ltd. | System and method for webpage analysis |
US20160182542A1 (en) * | 2014-12-18 | 2016-06-23 | Stuart Staniford | Denial of service and other resource exhaustion defense and mitigation using transition tracking |
US9798875B2 (en) * | 2015-02-03 | 2017-10-24 | Easy Solutions Enterprises Corp. | Systems and methods for detecting and addressing HTML-modifying malware |
US9923910B2 (en) * | 2015-10-05 | 2018-03-20 | Cisco Technology, Inc. | Dynamic installation of behavioral white labels |
US9830453B1 (en) * | 2015-10-30 | 2017-11-28 | tCell.io, Inc. | Detection of code modification |
2017
- 2017-05-05 AU: AU2017260360A (AU2017260360B2), Active
- 2017-05-05 EP: EP23197022.9A (EP4270875A3), Pending
- 2017-05-05 CA: CA3023254A (CA3023254A1), Pending
- 2017-05-05 US: US15/587,943 (US10547628B2), Active
- 2017-05-05 ES: ES17793477T (ES2965917T3), Active
- 2017-05-05 WO: PCT/US2017/031348 (WO2017193027A1), unknown
- 2017-05-05 EP: EP17793477.5A (EP3452910B1), Active
- 2017-05-05 JP: JP2019510573A (JP7073343B2), Active
2019
- 2019-12-10 US: US16/708,928 (US11184380B2), Active
2022
- 2022-06-16 AU: AU2022204197A (AU2022204197B2), Active
Also Published As
Publication number | Publication date |
---|---|
EP3452910A1 (fr) | 2019-03-13 |
ES2965917T3 (es) | 2024-04-17 |
AU2022204197B2 (en) | 2024-02-22 |
CA3023254A1 (fr) | 2017-11-09 |
EP3452910B1 (fr) | 2023-09-13 |
EP4270875A2 (fr) | 2023-11-01 |
US20200162492A1 (en) | 2020-05-21 |
EP3452910C0 (fr) | 2023-09-13 |
US11184380B2 (en) | 2021-11-23 |
AU2017260360A1 (en) | 2018-11-22 |
AU2022204197A1 (en) | 2022-07-07 |
AU2017260360B2 (en) | 2022-07-21 |
EP4270875A3 (fr) | 2023-12-13 |
US10547628B2 (en) | 2020-01-28 |
JP2019517088A (ja) | 2019-06-20 |
EP3452910A4 (fr) | 2020-07-29 |
US20170324760A1 (en) | 2017-11-09 |
WO2017193027A1 (fr) | 2017-11-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7073343B2 (ja) | Security vulnerability and intrusion detection and repair in obfuscated website content | |
US11336458B2 (en) | Evaluating authenticity of applications based on assessing user device context for increased security | |
US11218510B2 (en) | Advanced cybersecurity threat mitigation using software supply chain analysis | |
Kharraz et al. | Surveylance: Automatically detecting online survey scams | |
US10762206B2 (en) | Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security | |
US20200389495A1 (en) | Secure policy-controlled processing and auditing on regulated data sets | |
US11888870B2 (en) | Multitenant sharing anomaly cyberattack campaign detection | |
US10440050B1 (en) | Identifying sensitive data on computer networks | |
US11580220B2 (en) | Methods and apparatus for unknown sample classification using agglomerative clustering | |
US20230421547A1 (en) | Techniques for mitigating leakage of user credentials | |
US20220067204A1 (en) | System architecture for providing privacy by design | |
Shrivastava et al. | Android application behavioural analysis for data leakage | |
Shukla et al. | HTTP header based phishing attack detection using machine learning | |
Wang et al. | Union under duress: understanding hazards of duplicate resource mismediation in android software supply chain | |
Cui et al. | Potentially Unwanted App Detection for Blockchain-Based Android App Marketplace | |
Allix | Challenges and Outlook in Machine Learning-based Malware Detection for Android | |
Sharma et al. | An efficient cyber threat prediction using a novel artificial intelligence technique | |
Sanna et al. | A Risk Estimation Study of Native Code Vulnerabilities in Android Applications | |
Mazareanu | Advantages of using a dynamic risk management approach |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2020-04-27 | A621 | Written request for application examination | Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20200427 |
2021-04-28 | A977 | Report on retrieval | Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20210428 |
2021-05-20 | A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20210520 |
2021-08-20 | A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20210820 |
2021-12-22 | A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20211222 |
2022-03-18 | A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20220318 |
 | TRDD | Decision of grant or rejection written | |
2022-04-11 | A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20220411 |
2022-05-11 | A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20220511 |
 | R150 | Certificate of patent or registration of utility model | Ref document number: 7073343 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |